Unfortunately mimeTeX and mathTex are provided without version numbers by the maintainer, who releases version-less zip archives. It is therefore impossible to provide affected version numbers.

The mimeTeX application suffers from several stack-based buffer overflows which can be remotely triggered by passing oversized TeX expressions. Additionally the \environ, \input and \counter directives may not be suitable for exposure to commands from the Internet. Similarly the mathTeX application does not perform sufficient input sanitization and allows untrusted input, passed via HTTP query strings, to be used as command arguments allowing command injection. Additionally it suffers from several stack-based overflows as well as insecure temporary file handling.